Ever wondered how a program executable file is loaded by the operating system, despite these files
An executable is something that causes a computer to perform some tasks according to encoded instructions. It's the opposite of a data file, which must be parsed by another program to be meaningful, for example an image or video. The instructions are usually in machine code, read by the CPU and so dependent on the CPU architecture. An ex...
Have you ever wondered how it’s possible to call C code from other languages like Python? Here are the technical details — and also why this topic is important for security and sustainability.
A section is an area in an object file that contains information which is useful for linking: [...]
Stafford Horne's (shorne, stffrdhrn) Computer Engineering blog and home page.
Last month, the Centre for Strategic Infocomm Technologies (CSIT) invited local cybersecurity enthusiasts to tackle the InfoSecurity Challenge (TISC). The Challenge was organized in a capture-the-flag format, with 6 cybersecurity and programming challenges of increasing difficulty unlocked one after another.
This protocol enables external tools to attach to a running CPython process and execute Python code remotely. Most platforms require elevated privileges to attach to another Python process. Disabli...
Ever wondered if it is possible to execute an object file without linking? Or use any object file as a library? Follow along to learn how to decompose an object file and import code from it along the way.
The ZipCPU has had a problem. It’s kind of fundamental to digital design, so let’s chat about it.
Overriding library calls
In the first part of this series we discussed the mechanics of an exploit, the general concept of hardening, and the stack protector hardening technique in particular. Some of the concepts explained there will be
This repository holds the specification for the AppImage format. - AppImage/AppImageSpec
My (unsuccessful) investigation into removing unused code from the compiled output of OCaml, including all the web archeology and deep-dive into how native binaries are formed.
As described in a number of older blog posts, Nix is primarily a source based package manager -- it constructs packages from source code b...
(This is part of the podcast discussion extension) Unix Executables Link of the recording There are many Unix-like operating systems and each uses its own executable format. What is there to know ab
This is the fourth article of a series discussing various methods of reducing the size of the [...]
Guide to Systems Programming, covering fundamentals such as bit manipulation, parsing, filesystems, input/output, syscalls, memory management, and signals.
Auditing and relabeling cross-distribution Linux wheels. - pypa/auditwheel
QR codes are usually used for storing small amounts of textual data such as web links. However, they are capable of storing other arbitrary data. Here a small computer architecture is designed around a compact encoding of computer instructions in the textual data of QR codes. To experiment, I explore a small instruction set, and create a small development environment (assembler & virtual machine) to experiment with some simple programs.
Making a nicer disassembler I’ve had a rudimentary disassembler in the emuriscv emulator, but compared to other disassemblers out there it was not very refined. Debugging and fixing the emulator required me to read a lot of disassembled code, which I generated with GNU objdump, but the problem was that my tool printed out a slightly different output format compared to objdump. Having two separate disassembly listing formats to keep in my head was confusing enough, so I set out to achieve a comparable output to the reference tool.
In my previous post “Google CTF (2018): Beginners Quest - Web Solutions” we covered the web challenges for the 2018 Google CTF, which covered a variety of security issues ranging from topics such as the improper use of client side scripts, and other simple vulnerabilities like cross-site scripting (also known as XSS).
A place to be (re)educated in Newspeak
Executables have been fascinating to me ever since I discovered, as a kid, that they were just files. If you renamed a .exe to something else, you could open it in notepad! And if you renamed somet...
Generating vmlinux.h header that contains all the type-definitions of the Linux kernel allows independence from kernel headers when writing eBPF programs
In preparation for our upcoming release of Wasmtime 1.0 on September 20, we have prepared two blog posts describing the work we have put into the compiler and runtime recently. This first post will describe performance-related projects: mak...
How did I build and release the smallest PhantomJS image you'll see on the Docker Hub
Now, I’m going to leave the hardware parts alone and start working with the software. At the end of this part, we will have our firmware ready to be written (programmed) into the microcontroller.
As far as technical challenges go, the Internet of Things is as tough as it gets: The scale is large: everything is huge. The power is low: there is almost none of it available. Wireless is weird: it keeps changing and it wasn’t very nice to begin with. Today we look at these fundamental problems that every IoT platform must face and how we solve them in the Thingsquare IoT platform. Scale: When everything is large, all bets are off Many IoT deployments involve hundreds or thousands of individual devices. With large numbers of devices, even problems that normally would be unlikely to occur become likely to occur. Large networks are difficult to monitor in the field, but they are even more challenging to work with during development. At Thingsquare, we use these categories when we talk about development of IoT networks: Developer scale: 1-2 devices. When you have 1 or 2 wireless devices in front of you, it is relatively easy to understand what they are doing. You can add printouts or LEDs that blink when things happen, and as a developer, you can feel confident that you are in control. It is even possible to stop the execution of the software on one of the devices and single-step the program. Desktop scale: 2-5 devices. At this stage you can no longer control each device on its own, but must treat them as a unit. They are still few enough to monitor, though you will have to rely on things like visibly blinking LEDs to see what is going on with them. Office scale: 5-10 devices. Now you have run out of space to fit the devices on a single desk and must spread them out over an area that begins to become difficult to monitor. Programming them with a new program also starts to be a practical challenge, because you will have to physically connect and disconnect each device to the flash programmer. Floor scale: 10-100 devices. It now begins to be difficult to find space for all your devices in a single office and you will need to spread out over an entir
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries. - 0vercl0k/rp
When the NULL Pointer is Valid
I recently acquired an ESP32-C3-DevKitC-02 module, and, as I tend to do, jumped right into reading about how the system boots and how the (pretty good!) tooling Espressif offers works. We have typically used QEMU in the RISC-V Bytes series, but getting our hands on physical hardware starts to make things feel a bit more real. In this first post on the ESP32, we’ll do some basic setup and look at a simple custom bootloader.
In our last post we explored operators and kernels in Tensorflow Lite, and how the ability to swap out kernels depending on the hardware capabilities available can lead to dramatic performance improvements when performing inference. We made an analogy of operators to instruction set architectures (ISAs), and kernels to the hardware implementation of instructions in a processor. Just like in traditional computer programs, the sequence of instructions in a model needs to be encoded and distributed in some type of file, such as an Executable and Linkable Format (ELF) on Unix-based systems or Portable Executable (PE) on Windows.
Today, on behalf of the Rust Fuzzing Authority, I’d like to announce new releases of the arbitrary, libfuzzer-sys, and cargo fuzz crates. Collectively, these re...
Today is my last day at the [Recurse Center][RC] and I want to take a moment to talk about what I did here. I came here with big plans and then ended up doing ...
Creating a flash image The primary purpose of the ihex file in the embedded space is to create a file that is used to program/reprogram a target system. There are various file formats around, with the Intel Hex (ihex) format being among the most widely used. The output of the linker stage of a build process is typically to generate a .elf file (Executable and Linkable Format). Many debuggers and programmers can work directly with the ELF file format. However, in many [...]
BlackHat Europe 2022 During the first week of December, I had the pleasure of attending a training course at BlackHat Europe 2022 titled Assessing and Exploiting Control Systems and IIoT run by Justin Searle. Part of the course involved Assessing and Exploiting Embedded Firmware by reading on-chip Flash using OpenOCD. Unfortunately, we ran out of time to finish the last labs during the training (we ran 9 am-6 pm each day). So I decided to follow along with the very comprehensive notes [...]
All I (now) know about booting x86-64
Replacing time-related vDSO entries at runtime
How profilers and debuggers translate machine addresses to human-readable symbolic names
Years ago, I was working with Poudriere to set up an ARM build system on FreeBSD on x86-64. In doing so I came across the binmiscctl(8) utility. This, paired with the imgact_binmisc kernel module, were very clever and would allow you to register different interpreters or wrappers based on fields in the ELF header of […]
2945 bytes. Less than 0.006% of Wasmtime, smaller than a C “Hello, world!”. Zero dependencies, no cheating: just a static x86-64 Linux executable. Scan the QR code above with zbarimg --raw -Sbinary or another QR decoder that supports binary data, or directly download the program from the GitHub repo, and you’re good to go.
A while ago I was browsing the Python bug tracker, and I stumbled upon this bug - “memoryview to freed memory can cause segfault”. It was created in 2012, originally present in Python 2.7, but remains open to this day, 10 years later. This piqued my interest, so I decided to take a closer look.
Your favourite ROP gadget
Documenting the week-long journey I took to package WezTerm for Guix from start to finish.
I have been interested in the RISC-V architecture for a while. RISC-V is an Instruction Set Architecture, like ARM, MIPS or x86, but it...
How we gained 2–3% improvements in compile times by making GHC better at printing code.
One of the seriously underutilized tools of the trade in the software development world, at least in my experience, has been binary analysis. We have linters, unit tests, correctness proofs, and static analysis tools to help catch bugs in our software. However, when a bug inevitably pops up that escapes all these checks, it can be hard to fix. Binary analysis can enhance our debugging toolkit by catching bugs that stem from the compiler. While most binary analysis is done in the field of security, many of those principles can be brought into normal software development to fix hard-to-detect problems as well.
Introduction && Credit to Gamozolabs For a long time I’ve wanted to develop a fuzzer on the blog during my weekends and free time, but for one reason or another, I could never really conceptualize a project that would be not only worthwhile as an educational tool, but also offer some utility to the fuzzing community in general. Recently, for Linux Kernel exploitation reasons, I’ve been very interested in Nyx. Nyx is a KVM-based hypervisor fuzzer that you can use to snapshot fuzz traditionally hard-to-fuzz targets. A lot of the time (most of the time?), we want to fuzz things that don’t naturally lend themselves well to traditional fuzzing approaches. When faced with target complexity in fuzzing (leaving input generation and nuance aside for now), there have generally been two approaches.
Depend upon it, Sir, when a man knows he is to be hanged in a fortnight, it concentrates his mind wonderfully. -- Samuel Johnson I wish t...
The purpose of the LD_LIBRARY_PATH environment variable is to instruct the linker to consider additional directories when searching for libraries. Its valid use case is the test of alternative library versions installed in non-standard locations. In contrast to that, globally setting the LD_LIBRARY_PATH (e.g. in the profile of a …
Rust 1.26 introduced a nifty little feature called Basic Slice Patterns which lets you pattern match on slices with a known length. Later on in Rust 1.42, this was extended to allow using .. to match on “everything else”. As features go this may seem like a small addition, but it gives developers an opportunity to write much more expressive code. The code written in this article is available in the various playground links dotted throughout. Feel free to browse through and steal code or inspiration.
Embedded software blog by Djordje Nedic, covering modern approaches to firmware development.
The recommended way to link UEFI applications on linux was until now through GNU-EFI, a toolchain provided by the GNU Project that bridges from the ELF world into COFF/PE32+. But why don’t we compile directly to native UEFI? A short dive into the past of GNU Toolchains, its remnants, and a surprisingly simple way out.
Clarifying the shebang (#!) mechanism: A step-by-step look using strace and kernel code shows how Linux handles script execution directly, revealing the shell isn't involved initially.
Packages make it possible to install software and libraries on a computer, but which format is suited to which task?
In this post I am going to demonstrate how to easily find out what an evil ELF is doing to your system. This can be useful if you have one that...
This is a write up of some discussion ongoing with some folks on the #nix-community IRC chat primarily being driven by Mic92. Nixpkgs maintains the highest rating on Repology for having the most packages & which are up to date. Unfortunately even with the current ecosystem of packages, there will always be gaps, and for beginners in NixOS a common question is: “I’ve downloaded a binary and would like to run it on NixOS” Take a look at this graph https://repology.org/repositories/graphs Can we do better & streamline running non-Nix software? 🤔 These were some of the questions posed by some…
An unfortunate side effect of the rising popularity of Apple’s ARM-based computers is an increase in unportable assembly code which targets the 64-bit ARM ISA. This is because developers are writing these bits of assembly code to speed up their programs when run on Apple’s ARM-based computers, without considering the other 64-bit ARM devices out there, such as SBCs and servers running Linux or BSD. The good news is that it is very easy to write assembly which targets Apple’s computers as well as the other 64-bit ARM devices running operating systems other than Darwin.
This week I took part in the HackTrinity CTF. It was my first CTF, but by the end of the week I managed to get all the flags. I think I may have been the second person to do it :) Following are my solutions to each of the problems, in
Short thoughts on C++, Unix and in general, technology
Creating standalone Linux applications with lone.
A ground-up model of how computers execute code, starting from logic gates and ending at the instruction cycle.
At Cloudflare we like Go. We use it in many in-house software projects as well as parts of bigger pipeline systems. But can we take Go to the next level and use it as a scripting language for our favourite operating system, Linux?
In this post, we create a minimal 64-bit Rust kernel for the x86 architecture. We build upon the freestanding Rust binary from the previous post to cr…
Read about how we exploit JIT compilation in ClickHouse
Can we make a Rust program that's as small as its assembler equivalent?
Tracing how the CPU, OS, and ELF format shape the structure of your assembly code